Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Build failure: sonarr #360592

Closed
aanderse opened this issue Nov 30, 2024 · 18 comments · Fixed by #380045
Closed

Build failure: sonarr #360592

aanderse opened this issue Nov 30, 2024 · 18 comments · Fixed by #380045
Labels
0.kind: build failure A package fails to build

Comments

@aanderse
Copy link
Member

Steps To Reproduce

Steps to reproduce the behavior:

  1. attempt to upgrade your server to nixos 24.11
  2. build sonarr package
  3. see error that dotnet package is insecure

Build log

requires an old version of dotnet (6.x) which has security vulnerabilities against it in nixpkgs so it won't build without permitting those vunerabilities

Additional context

can we upgrade to dotnet 8 which is LTS?

Notify maintainers


Note for maintainers: Please tag this issue in your PR.

@fadenb @purcell @tie

and maybe @corngood, if my memory serves me correctly?


Add a 👍 reaction to issues you find important.

@aanderse aanderse added the 0.kind: build failure A package fails to build label Nov 30, 2024
@bobberb
Copy link

bobberb commented Nov 30, 2024

https://github.com/NixOS/nixpkgs/blob/nixos-24.11/pkgs/by-name/so/sonarr/package.nix

dotnet-sdk = dotnetCorePackages.sdk_6_0; dotnet-runtime = dotnetCorePackages.aspnetcore_6_0;

Are the offending values

@aanderse
Copy link
Member Author

yeah, i tried just replacing them with 8.x but it seems that build scripts expect 6.x

looking in upstream i am under the impression this can build with 8.x but maybe some sort of build time config switch is required

i didn't investigate further than that

@gepbird gepbird mentioned this issue Dec 1, 2024
17 tasks
@gepbird
Copy link
Contributor

gepbird commented Dec 1, 2024

Upstream hasn't updated to .NET 8, but some attempt was made: Sonarr/Sonarr#6597 (from here you can check the linked PRs)
Projects from the same maintainers have PRs for .NET 8: Radarr/Radarr#10258 Prowlarr/Prowlarr#2195

It takes a lot of effort for them to properly update to .NET 8, but for us applying some bare minimum patches (perhaps from Sonarr/Sonarr#6983) could work.

@bakerboy448
Copy link

bakerboy448 commented Dec 2, 2024

Stumbling here from the Starrs / Sonarr - so apologies for the slight off topic

  • why is Sonarr being built rather than using the pre-compiled binaries like Radarr, Prowlarr, etc?
  • Replacing Sonarr's bundled customized ffprobe is problematic and will cause unexpected media info results for files. A recent issue was seen with Radarr where the arch maintainer was removing the bundled ffprobe and replacing with the system one causing material audio parsing issues and download loops

It takes a lot of effort for them to properly update to .NET 8

Sonarr/Sonarr#7443

correct they'll be done in due time. It's not just the apps themselves, but the build servers and associated dependencies

Sonarr has ~2 developers working on the project + upstream metadata

prowlarr, radarr, lidarr have ~1 ish

readarr, whisparr have ~noneish

last heard was keeping bsd support - requiring custom build - and older systems support being dropped with net8.0 were the blockers being worked through

@corngood
Copy link
Contributor

corngood commented Dec 2, 2024

why is Sonarr being built rather than using the pre-compiled binaries like Radarr, Prowlarr, etc?

We should always prefer source builds IMO, but someone could add sonarr-bin if it's useful.

Also, anyone can still build this package with NIXPKGS_ALLOW_INSECURE.

@aanderse
Copy link
Member Author

aanderse commented Dec 3, 2024

i'll include this snippet here as well, citing discourse:

  nixpkgs.config.permittedInsecurePackages = [
    "aspnetcore-runtime-6.0.36"
    "aspnetcore-runtime-wrapped-6.0.36"
    "dotnet-sdk-6.0.428"
    "dotnet-sdk-wrapped-6.0.428"
  ];

@purcell
Copy link
Member

purcell commented Dec 3, 2024

Yeah, we used to package the upstream binaries for Sonarr and friends, in fact, but that's not at all the preferred Nixpkgs approach, so we switched to building from source.

ambroisie added a commit to ambroisie/nix-config that referenced this issue Dec 4, 2024
Allow-list the build inputs for `sonarr` until the package is fixed
upstream [1].

[1]: NixOS/nixpkgs#360592
@reinux
Copy link

reinux commented Dec 6, 2024

Something that isn't sonarr is causing the same error for me, and I can't quite make out what it is from the stack trace...

ambroisie added a commit to ambroisie/nix-config that referenced this issue Dec 8, 2024
Allow-list the build inputs for `sonarr` until the package is fixed
upstream [1].

[1]: NixOS/nixpkgs#360592
rvolosatovs added a commit to rvolosatovs/nixelium that referenced this issue Dec 18, 2024
rvolosatovs added a commit to rvolosatovs/nixelium that referenced this issue Dec 18, 2024
rvolosatovs added a commit to rvolosatovs/nixelium that referenced this issue Dec 18, 2024
rvolosatovs added a commit to rvolosatovs/nixelium that referenced this issue Dec 18, 2024
adtya added a commit to adtya/configuration.nix that referenced this issue Dec 28, 2024
DavSanchez added a commit to DavSanchez/nix-dotfiles that referenced this issue Jan 12, 2025
DavSanchez added a commit to DavSanchez/nix-dotfiles that referenced this issue Jan 12, 2025
* fix(dips): permit botnet 6

Revert after NixOS/nixpkgs#360592 and NixOS/nixpkgs#326335 are sorted out.

* fix(deps): allow asp net core
@kira-bruneau
Copy link
Contributor

It looks like Sonarr/Sonarr#7443 was merged now, so we can drop the dotnet v6 dependency once sonarr v5 is released!

@bakerboy448
Copy link

v5 isnt even official beta yet and historically sonarr betas last years....just for key context and to manage expectations

@gmile
Copy link

gmile commented Feb 1, 2025

I am only NixOS beginner, so asking out of curiosity: should it not be possible to use nix language to override the source of sonarr - to point it the latest sha on GitHub? So that the latest version of Sonarr is pulled and built on the fly, while evaluation the configuration 🤔 (ofc one would need to accept that the un-released Sonarr may be unstable)

@hughobrien
Copy link
Contributor

Yes it's just a bit fiddly

@niklaskorz
Copy link
Contributor

I think we should update to the tagged version https://github.com/Sonarr/Sonarr/commits/v5.0.0.12 even if it's considered beta. Beta beats insecure dependency.

@bakerboy448
Copy link

bakerboy448 commented Feb 6, 2025

Sonarr v5 is not beta nor released in anyway whatsoever. As confirmed by both release methods:

When v5 is beta presumably an announcement will be made.

If this is so critical perhaps NixOs Folks should simply fork Sonarr and maintain their own version. NixOS users would receive no support from official channels for their third party custom build.

@mrshmllow
Copy link

Anyone who down votes niklaskorz comment, what do you recommend nixpkgs users use? Even enabling insecure packages this package is broken for me.

@aanderse
Copy link
Member Author

aanderse commented Feb 6, 2025

Even enabling insecure packages this package is broken for me.

please include details - package and service work fine for me on stable, i would like to know what is broken for you

@jf-uu
Copy link

jf-uu commented Feb 6, 2025

I also don't have any issues on unstable (ecd26a4). You just need the insecure packages from this comment: #360592 (comment)

@mrshmllow
Copy link

@aanderse

nixpkgs @ 799ba5b

...
should_not_be_valid_if_child_of_windows_folder: windows specific test
23:03:39.7 Info: --- Start: NzbDrone.Core.Test.ValidationTests.SystemFolderValidatorFixture.should_not_be_valid_if_set_to_bin_folder --- 
23:03:39.7 Info: --- End: NzbDrone.Core.Test.ValidationTests.SystemFolderValidatorFixture.should_not_be_valid_if_set_to_bin_folder --- 

23:03:39.7 Info: --- Start: NzbDrone.Core.Test.ValidationTests.SystemFolderValidatorFixture.should_not_be_valid_if_set_to_windows_folder --- 
23:03:39.7 Info: --- End: NzbDrone.Core.Test.ValidationTests.SystemFolderValidatorFixture.should_not_be_valid_if_set_to_windows_folder --- 

should_not_be_valid_if_set_to_windows_folder: windows specific test
  Passed should_throw_if_script_is_not_set [123 ms]
  Passed should_throw_if_script_is_null [123 ms]
  Passed should_throw_if_script_path_does_not_exist [119 ms]
  Passed should_not_be_valid_if_child_of_bin_folder [158 ms]
  Skipped should_not_be_valid_if_child_of_windows_folder [40 ms]
  Passed should_not_be_valid_if_set_to_bin_folder [32 ms]
  Skipped should_not_be_valid_if_set_to_windows_folder [26 ms]
  Passed equal_operand [25 ms]
  Passed equal_operand_false [4 ms]
  Passed greater_operand [6 ms]
  Passed Icomparer_greater_test(6,0,0) [10 ms]
  Passed Icomparer_greater_test(5,1,0) [< 1 ms]
  Passed Icomparer_greater_test(5,0,1) [< 1 ms]
  Passed Icomparer_lesser_test(4,5,5) [5 ms]
  Passed Icomparer_lesser_test(5,4,5) [< 1 ms]
  Passed Icomparer_lesser_test(5,5,4) [< 1 ms]
  Passed lesser_operand [7 ms]
  Passed not_equal_operand_false [6 ms]
  Passed not_equal_operand_true [4 ms]
NUnit Adapter 3.17.0.0: Test execution complete

Test Run Failed.
Total tests: 4616
     Passed: 4589
     Failed: 1
    Skipped: 26
 Total time: 31.5983 Minutes

I am compiling again with doCheck = false but it does take like an hour to build for aarch64

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
0.kind: build failure A package fails to build
Projects
None yet
Development

Successfully merging a pull request may close this issue.